[ovirt-users] iptables question

Alon Bar-Lev alonbl at redhat.com
Tue Jul 15 11:43:50 EDT 2014


You can modify the IPTablesConfig using the engine-config utility to control what goes into the host.

In 3.5.0 you can use the IPTablesConfigSiteCustom in order to push some custom rules without breaking future upgrades.

----- Original Message -----
> From: "Niklas Fondberg" <niklas at vireone.com>
> To: "White Hat" <whitehat237 at gmail.com>
> Cc: "users" <users at ovirt.org>
> Sent: Tuesday, July 15, 2014 6:33:15 PM
> Subject: Re: [ovirt-users] iptables question
> 
> Thanks. It is on my CentOS host which is located deep in my NW.
> 
> 
> Regards,
> Niklas
> 
> > On 15 jul 2014, at 16:41, "White Hat" <whitehat237 at gmail.com> wrote:
> > 
> > Yes it can be disabled, but why not just add the rules you need to
> > make it work properly?
> > 
> > Are you asking about iptables on the host or the guest?  Are you
> > actually using firewalld, or is it really iptables?
> > 
> > You can add a log statement before the reject rule in
> > /etc/sysconfig/iptables to log a message to /var/log/messages to show
> > what is being blocked.
> > 
> > Then you can open those ports that show up in your log as necessary.
> > 
> > For example:
> > http://stackoverflow.com/questions/21771684/iptables-log-and-drop-in-one-rule
> > 
> > HTH
> > 
> >> On Tue, Jul 15, 2014 at 10:34 AM, Niklas Fondberg <niklas at vireone.com>
> >> wrote:
> >> Correction of my bad English...
> >> "can iptables be disabled if I never plan to use NAT:d guests?"
> >> 
> >> 
> >> _______________________________________________
> >> Users mailing list
> >> Users at ovirt.org
> >> http://lists.ovirt.org/mailman/listinfo/users
> >> 
> 
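The log-then-open approach suggested in the quoted reply, as an added example that is not part of the original thread: it tallies which protocol and destination port combinations a LOG rule recorded, so only those ports need to be considered for opening. The `IPT-REJECT: ` prefix, the LOG rule shown in the comment and all sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed prefix, set by a LOG rule placed directly above the reject rule
# in /etc/sysconfig/iptables, e.g.:
#   -A INPUT -j LOG --log-prefix "IPT-REJECT: "
LOG_PREFIX = "IPT-REJECT: "

# Constructed sample of /var/log/messages (documentation address ranges).
SAMPLE_LOG = """\
Jul 15 16:49:58 host1 sshd[2211]: Accepted publickey for root from 192.0.2.15 port 40022 ssh2
Jul 15 16:50:01 host1 kernel: IPT-REJECT: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.15 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=51234 DPT=5901 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 15 16:50:04 host1 kernel: IPT-REJECT: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=192.0.2.16 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4712 DF PROTO=TCP SPT=40110 DPT=5901 WINDOW=14600 RES=0x00 SYN URGP=0
Jul 15 16:50:09 host1 kernel: IPT-REJECT: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.15 DST=192.0.2.10 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=4713 PROTO=UDP SPT=38001 DPT=161 LEN=51
Jul 15 16:50:12 host1 kernel: IPT-REJECT: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:04:08:00 SRC=192.0.2.20 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4714 PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty


def parse_line(line):
    """Return the KEY=value fields of one logged packet, or None for other lines."""
    _, found, rest = line.partition(LOG_PREFIX)
    if not found:
        return None
    fields = dict(FIELD_RE.findall(rest))
    return fields if "PROTO" in fields else None


def blocked_summary(text):
    """List (proto, dst_port, hits, sources), most frequently blocked first."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for line in text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        # ICMP and other port-less protocols carry no DPT field.
        port = int(fields["DPT"]) if fields.get("DPT", "").isdigit() else None
        key = (fields["PROTO"], port)
        counts[key] += 1
        sources[key].add(fields.get("SRC", "?"))
    rows = [(p, port, counts[(p, port)], sorted(sources[(p, port)])) for p, port in counts]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1] or 0))


if __name__ == "__main__":
    for proto, port, hits, srcs in blocked_summary(SAMPLE_LOG):
        shown = "-" if port is None else port
        print(f"{proto:5} {shown:>5} {hits:3}  {', '.join(srcs)}")
```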

